In June 2017, the Synergia Foundation organized a Conference on ‘Cyber Threats – Who Cares? Who Should I Call?'. The primary objective was to bring key stakeholders including security practitioners, board members, CEO’s and government officials - and have a discussion to have a deeper understanding of the problem.
S. Khuntia IAS, Chief Secretary, GoK pointed out that presently, more and more operations are being digitalised. ‘Thus, we have to optimise to make systems foolproof and use resources effectively’ he said. He proposed a regulatory framework to tackle cyber criminals, adopt legal measures and formulate understandings of cooperation between countries etc. It will not only be for the money, but can also pose as a security threat to the country.
R. K. Dutta IPS, DGP remarked that ‘If we have to investigate, then the Legal system is that it has to go by our procedures which are lengthy’. This needs to be resolved so that vital evidence is not lost. ‘We need to make our systems more secure, we need to spread the awareness of cyber-crime amongst the general public which may require the governmental and industry effort’.
I.S.N. Prasad IAS, ACS, Department of Finance , GoK remarked that that all the banks, the treasuries, are completely synced on a digital mode and if anything happens, ‘we are really sunk’. As a solution, he suggested that “it looks like there is no escape from having sufficient copies of the database elsewhere, however cumbersome or expensive it is”. He said that state governments should be more actively involved in developing cyber threat resilience capacity.
Subhash Chandran IAS, ACS, Home reiterated that one of the fundamental issues of homeland security is the risk of cyber security to homeland security issues. He said ‘we do need to have think tanks to merge all our learning and inputs together to work out some sort of response mechanism’; and that there was definitely an urgency to this whole debate.
Rajiv Chawala IAS, ACS, E- Governance, GoK reminded the gathering that ‘we must not be complacent that we have not yet been attacked’. Pointing out vulnerabilities, he said data centers may not have understood the ramifications of this potential threat. ‘Almost none of them are audited to security measures’ he said.
Gaurav Gupta IAS, IT Secretary highlighted 3 issues:
1. Emergency of operational centres- how well are the large industries prepared?
2. Need to anticipate the issues in cyber-crime and forensics- from a broader perspective and the IT front.
3. Skilling, re-skilling and upgrading the people in departments needs to be done.
Pratap Reddy ADGP, GoK spoke about the lack of a platform for sharing the threats that have been seen and economizing the threat ( as companies and institutions that have been attacked do not like to be identified) The second issue is that institutions handle the threat only when it is seen. Third issue he highlighted was the lack of legislation in matters of cyber offences.
Tobby Simon - President, Synergia Foundation brought up three crucial points.
1. Who should be called when a cyber threat occurs? Do we call the Board, the government, the CEO, the CTO, the CIO or else whom?
2. When should they be informed? Also if it is a biological threat - who should be called, or who is the expert to respond? This is a global threat, cutting across industries. Anybody could be a target, there is no time to prepare; response needs to be global, it takes very little time for the adversary to execute it.
Dipthi Deodhar CAIR/DRDO pointed out that whatever strategy we decide on, must be anchored on three aspects: people, policy and technology.
Hari Hegde Senior VP & Global Head of Operations, WIPRO suggested that not just people or companies, but the state itself is going to be increasingly more vulnerable.
Murli Mahalingam CSO, ICICI remarked that we need a Cyber-Security strategy at the state level; and a comprehensive plan to implement technology and skills-based resistance measures is required.
Sateesh Kumar P.R.V. Director, Honeywell suggested that maybe this is the right time for Karnataka state to create a CERT for themselves considering the good protocols that have succeeded, and even the protocols that have not succeeded can be applied here.
K.P.M. Das Director, CISCO reminded that trust is fundamental and a pre-requisite to collaboration between agencies; the triad of technology, processes, and people form the foundations of capacity and capability in a cyber-security setting. Each has its place in the scheme of things, and boards and CXOs may do well to build a "balanced scorecard" around this balance.